CVE-2014-9732CVE-2014-9732

Affected configuration(s):

cpe:/a:libmspack_project:libmspack:0.4-3

Date published: 2015-06-11T10:59:00.077-04:00

Date last modified: 2016-11-28T14:14:25.877-05:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://openwall.com/lists/oss-security/2015/02/03/11

Summary: The cabd_extract function in cabd.c in libmspack before 0.5 does not properly maintain decompression callbacks in certain cases where an invalid file follows a valid file, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted CAB archive.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.